Russians probably targeted election systems in all 50 states, Senate report says

Russian government hackers likely targeted election systems in all 50 states in advance of the 2016 U.S. presidential election, according to a Senate committee report released Thursday.

The report, "Russian Efforts Against Election Infrastructure," is the first volume in the Senate Select Committee on Intelligence's bipartisan investigation into Russia's attempts to interfere with the U.S. elections.

According to the report, hackers, in some fashion, made attempts to access voting systems in all 50 states going back to 2014 and continuing until at least 2017. Additionally, the report said, the federal government’s efforts to warn state and local election officials fell short, and the vulnerability the systems had then persists in many instances today.

The report was released Thursday, the day after former special counsel Robert Mueller told the House Intelligence Committee that Russian attempts to attack U.S. elections are ongoing: “They’re doing it as we sit here. And they expect to do it during the next campaign.” It is the first of five volumes of the report to be released by the committee.

Future reports will address the "Intelligence Community Assessment (ICA) of Russian interference, the Obama Administration’s response to Russian interference, the role of social media disinformation campaigns, and remaining counterintelligence questions."

Intelligence Committee Chairman Sen. Richard Burr, R-North Carolina, and Vice-Chair Sen. Mark Warner, D-Virginia, led the panel that compiled the reports.

Here are the results of the investigation in volume one, and the committee’s recommendations.

What did the report find? Here are some of the things the investigation found and some recommendations from the committee.

The panel’s investigation found:

  • Russia's attempts to hack into U.S. elections systems began as early as 2014 and continued into at least 2017 and were aimed at state and local elections.
  • There is no evidence that any voting machines were tampered with or that any votes were changed.
  • It's believed that Russian hackers tried to access systems in every state. They conducted basic research on "election-related web pages, voter ID information, election system software, and election service companies," according to the report.
  • While the hackers attempted to breach security in every state, it had some success in Illinois where "Russian cyber actors were in a position to delete or change voter data" in the Illinois voter database. The report said that no evidence was found that showed that the hackers changed any of the Illinois data, but officials did not know why they didn't. "Russia might have intended to exploit vulnerabilities in election infrastructure during the 2016 elections and, for unknown reasons, decided not to execute those options," the report says. "Alternatively, Russia might have sought to gather information in the conduct of traditional espionage activities. Lastly, Russia might have used its activity in 2016 to catalog options or clandestine actions, holding them for use at a later date."
  • The federal government did a poor job of communicating with state election officials the seriousness of the hacking threats. While the Department of Homeland Security and the FBI told states of the threat of a cyberattack in August of 2016, "State election officials, who have primacy in running elections, were not sufficiently warned or prepared to handle an attack from a hostile nation-state actor," the report reads. The committee also chided the federal government, saying it "provided no clear reason for states to take this threat more seriously than any other alert received."
  • The committee said DHS programs to better help states with cybersecurity have been working but need to continue.
  • The Russian Embassy formally requested it be allowed to send election observers to polling places in 2016. The State Department denied that request.
  • The report also pointed out that while most election machines are not connected to the internet, some have remote access software installed on them. Remote access software allows a person to enter the system via a modem and have access to the machine's data, posing a significant cybersecurity vulnerability.

The report offered these recommendations: 

  • The committee believes Russia's attempts to hack election systems will continue and suggests states purchase more secure voting machines – preferably ones that have a voter-verified paper trail of the votes cast.
  • An accounting is needed of the results of the $380 million in grants sent to states in 2018 to help secure elections systems. According to the committee, Congress should evaluate how those funds were spent and consider more funding.
  • States should maintain the lead on running elections, as a decentralized system can make cyberattacks more difficult. However, states should be aware of the limitations of their systems when it comes to cybersecurity.
  • The U.S. government must let anyone attempting to hijack its election systems know it would consider such an attack as a hostile act against the country and should respond accordingly. A list of potential responses to such an attempt should be created and communicated to any state that would try to interfere with U.S. elections.

About the Author